ItWasAllADream is a Python-based scanner designed to detect CVE-2021-34527, also known as PrintNightmare. This security vulnerability enables remote code execution on Windows systems running the Print Spooler service. The tool scans entire subnets to identify hosts vulnerable to the remote code execution (RCE) aspect of PrintNightmare, not the local privilege escalation (LPE), and generates a CSV report with the results. It assesses the exploitability of the vulnerability over MS-PAR and MS-RPRN protocols, helping users identify systems that may be at risk due to this critical security issue.
Features
- Scans subnets for PrintNightmare RCE vulnerability.
- Generates a CSV report with scan results.
- Uses "de-fanged" versions of the Python exploits, avoiding actual exploitation but using the same vulnerable RPC calls to determine vulnerability.
- Checks for vulnerability using the UNC bypass discovered by @gentilkiwi.
Installation
Docker:
Dev install (requires Poetry):
Usage
Arguments:
· target: Target subnet in CIDR notation, CSV file, or newline-delimited text file.
· -u USERNAME, --username USERNAME: Username to authenticate as.
· -p PASSWORD, --password PASSWORD: Password to authenticate with. If not specified, the tool prompts for it.
· -d DOMAIN, --domain DOMAIN: Domain to authenticate as.
· --timeout TIMEOUT: Connection timeout in seconds (default: 30).
· --threads THREADS: Max concurrent threads (default: 100).
· -v, --verbose: Enable verbose output (default: False).
· --csv-column CSV_COLUMN: If the target argument is a CSV file, this argument specifies which column to parse (default: DNSHostName).
Example:
Note:
· As the exploit requires authentication to Active Directory, you need to supply credentials.
· If the password isn't supplied, it will prompt you to enter it.
· By default, it uses 100 threads, which can be adjusted using the --threads argument.
· After completion, a report_<timestamp>.csv file will be generated in the current directory with the results.
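Because the target argument accepts three input forms and the scan runs authenticated with up to 100 threads, it helps to preview exactly which hosts a target value covers before starting. The helper below is an added example, not code from ItWasAllADream; the function name, the sample data, and the rule that a `.csv` file name selects CSV parsing are assumptions made for illustration.

```python
import csv
import io
import ipaddress

# Constructed sample inputs (not real hosts).
SAMPLE_CSV = (
    "Name,DNSHostName,OperatingSystem\n"
    "PRINT01,print01.corp.example,Windows Server 2019\n"
    "DC01,dc01.corp.example,Windows Server 2016\n"
    "PRINT01,PRINT01.corp.example,Windows Server 2019\n"
    "WS7,,Windows 10\n"
)
SAMPLE_TXT = "fs01.corp.example\n\n  print01.corp.example \nfs01.corp.example\n"


def expand_targets(target, file_text=None, csv_column="DNSHostName"):
    """Return the ordered, de-duplicated hosts that a target value covers.

    target    -- CIDR string, or a file name when file_text is supplied
    file_text -- file contents, passed in so the example runs offline
    Assumption: a name ending in .csv is parsed as CSV, anything else as
    newline-delimited text. The page does not state how the tool decides.
    """
    if file_text is None:
        # strict=False accepts a host address inside the network (10.0.0.5/30).
        network = ipaddress.ip_network(target, strict=False)
        return [str(host) for host in network.hosts()]

    if target.lower().endswith(".csv"):
        reader = csv.DictReader(io.StringIO(file_text))
        if csv_column not in (reader.fieldnames or []):
            raise ValueError(f"column {csv_column!r} not found in CSV header")
        candidates = [(row[csv_column] or "").strip() for row in reader]
    else:
        candidates = [line.strip() for line in file_text.splitlines()]

    # Drop empty cells/lines and case-insensitive duplicates, keeping order,
    # so each machine is contacted once.
    seen, hosts = set(), []
    for name in candidates:
        if name and name.lower() not in seen:
            seen.add(name.lower())
            hosts.append(name)
    return hosts


if __name__ == "__main__":
    for host in expand_targets("hosts.csv", SAMPLE_CSV):
        print(host)
```
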